Deterring state actors from attacks that do not reach the level of force is difficult.
If we look at the cyber realm, the effectiveness of deterrence depends on who (state or non-state) one tries to deter and which of their behaviors. Ironically, deterring major states like China from acts of force may be easier than deterring non-state actors from actions that do not rise to the level of force. The threat of a bolt from the blue attack by a major state may have been exaggerated. Major state actors are more likely to be entangled in interdependence than are many non-state actors, and American declaratory policy has made clear that deterrence is not limited to cyber against cyber but can be cross domain with any weapons of our choice.
Along with punishment and denial, entanglement is an important means of making an actor perceive that the costs of an action will exceed the benefits. Entanglement refers to the existence of interdependences which makes a successful attack simultaneously impose serious costs on the attacker as well as the victim. This is not unique to cyber. For example, in 2009, when the People’s Liberation Army urged the Chinese government to dump some of China’s massive holdings of dollar reserves to punish the United States for selling arms to Taiwan, the Central Bank pointed out that this would impose large costs on China as well and the government decided against it.
Similarly, in scenarios which envisage a Chinese cyber attack on the American electric grid imposing great costs on the American economy, the economic interdependence would mean costly damage to China as well. Precision targeting of less sweeping targets might not produce much blowback, but the increasing importance of the Internet to economic growth may increase general incentives for self restraint. At the same time, entanglement might not create significant costs for a state like North Korea which has a low degree of interdependence with the international economic system.
Read the Remainder at The Diplomat